Increase in WhatsApp Phishing: Palo Alto Networks Urges Vigilance
The Malaysian Communications and Multimedia Commission (MCMC) has recently issued a warning regarding a circulating application known as “Pink Whatsapp.” This malicious app falsely claims to offer enhanced security and privacy features, a customised interface, and the ability to send larger files compared to the official WhatsApp application. However, once installed, the app gains access to personal data stored on the user’s smartphone, including photos, SMS messages, and contact lists, posing a significant security risk.
Responding to this incident, Steven Shceurmann, RVP of ASEAN from Palo Alto Networks commented, “Unofficial apps may carry malware that can steal users’ data and damage their phones. While ‘Pink WhatsApp’ with its colourful vibes, undoubtedly sounds fun to lure unsuspecting users, it is crucial to be vigilant and recognise the associated data privacy threats. These include losing control of your data such as OTP, malware risks, harvesting of information, and being prompted to click on suspicious links or download malicious files.”
Furthermore, Steven advised users to exercise caution and think twice before taking online action. “We should always remain cautious and aware of the risks associated with downloading applications from unofficial sources, as malicious apps can be found anywhere on the internet.”
Exploiting user behaviour remains a common strategy for hackers to breach system defences. As the first line of defence, users need to stay informed, exercise caution, and rely on official sources whenever possible to mitigate the risk of falling victim to social engineering attacks and phishing schemes. Steven stated, “Never click on unverified links. If necessary, users should verify the legitimacy of a link using a free URL checker available online.”
“Threat actors’ tactics are constantly evolving, and one prevalent strategy is leveraging popular social media apps to circulate malicious links. These links can harbour viruses, trojans, spyware, and ransomware, enabling hackers to steal data and money and gain control over systems,” he added.
According to the 2022 Unit 42 Incident Response Report, 42% of suspected access by threat actors involved phishing and social engineering. In conjunction with Social Media Day, Palo Alto Networks urged users to protect their data and devices, considering emerging fraud risks associated with social media platforms such as Whatsapp, Facebook, Instagram, Twitter, TikTok and more.